<?php
include "utility_functions.php";

// Get user id and password
$client_id = $_POST["client_id"];
$password = $_POST["password"];

// Lookup and verify the user id and password
$sql = "select Client_ID, AFlag, SFlag " .
       "from CLIENT " .
       "where Client_ID='$client_id'
        and Password='$password'";

// Run a SQL query 
$result_array = execute_sql_in_oracle($sql);
$result = $result_array["flag"];
$cursor = $result_array["cursor"];

if (!$result) {
  $login_error = "Server error. Please re-login.";
  header("Location:login.php?login_error=$login_error");
}
else if(!($values = oci_fetch_array($cursor))) {
  // User account not found
  $login_error = "Incorrect username and password combination.";
  header("Location:login.php?login_error=$login_error");
}
else {
  oci_free_statement($cursor);
  
  // User account found, retrieve privileges
  $_SESSION['user_id'] = $values[0];
  $_SESSION['aflag'] = $values[1];
  $_SESSION['sflag'] = $values[2];
  $_SESSION['session_id'] = md5(uniqid(rand()));
  header("Location:index.php");
}
?>